Wireless server access control system and method

ABSTRACT

A wireless server access control system comprising a wireless server generating a local wireless communications network, the wireless server having a processor and a plurality of redundant data memory devices. A first wireless device coupled to the wireless server through the local wireless communications network. An access control system operating on the wireless server, the access control system configured to generate a user control on a user interface of the first wireless device to allow a user to permit or deny access to the processor and the data memory devices of the wireless server by a second wireless device through the local wireless communications network.

RELATED APPLICATIONS

This application claims priority to U.S. Provisional Patent ApplicationNo. 61/941,962, filed Feb. 19, 2014, U.S. Provisional Patent ApplicationNo. 61/938,049, filed Feb. 10, 2014, U.S. Provisional Patent ApplicationNo. 61/933,805, filed Jan. 30, 2014 and U.S. Provisional PatentApplication No. 61/885,369, filed Oct. 1, 2013, each of which are herebyincorporated by reference for all purposes as if set forth herein intheir entirety.

TECHNICAL FIELD

The present disclosure relates generally to wireless servers, and morespecifically to a wireless server access control system and method thatallows mobile wireless devices to access a local wireless network of awireless server.

BACKGROUND OF THE INVENTION

Servers are typically stationary and connected to a wireline network.While wireless connections to devices are provided, the location of thewireless devices is generally not capable of being readily determined,and the functionality of the server does not depend on the location ofthe wireless devices.

SUMMARY OF THE INVENTION

A wireless server access control system is provided that includes awireless server generating a local wireless communications network, thewireless server having a processor and a plurality of redundant datamemory devices. A first wireless device, such as a cell phone, isconnected to the wireless server through the local wirelesscommunications network. An access control system operating on thewireless server is configured to generate a user control on a userinterface of the first wireless device to allow a user to permit or denyaccess to the processor and the data memory devices of the wirelessserver by a second wireless device through the local wirelesscommunications network, such as an optical head mounted display.

Other systems, methods, features, and advantages of the presentdisclosure will be or become apparent to one with skill in the art uponexamination of the following drawings and detailed description. It isintended that all such additional systems, methods, features, andadvantages be included within this description, be within the scope ofthe present disclosure, and be protected by the accompanying claims.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

Aspects of the disclosure can be better understood with reference to thefollowing drawings. The components in the drawings are not necessarilyto scale, emphasis instead being placed upon clearly illustrating theprinciples of the present disclosure. Moreover, in the drawings, likereference numerals designate corresponding parts throughout the severalviews, and in which:

FIG. 1 is a diagram of a system for providing an environment for adynamic mobile server, in accordance with an exemplary embodiment of thepresent disclosure;

FIG. 2 is a diagram of a system for providing a dynamic mobile server,in accordance with an exemplary embodiment of the present disclosure;

FIG. 3 is a diagram of a system for providing a redundant array of SDstorage devices in accordance with an exemplary embodiment of thepresent disclosure;

FIG. 4 is a diagram of a system for providing a dynamic wireless serverenvironment, in accordance with an exemplary embodiment of the presentdisclosure;

FIG. 5 is a diagram of an algorithm for a boot sequence for multipleprocessors in a dynamic mobile server environment, in accordance with anexemplary embodiment of the present disclosure;

FIG. 6 is a diagram of a software architecture in accordance with anexemplary embodiment of the present disclosure;

FIG. 7 is a diagram of a mobile computing cluster with multiple networkconnections, in accordance with an exemplary embodiment of the presentdisclosure;

FIG. 8 is a diagram of dynamic MESH network in accordance with anexemplary embodiment of the present disclosure;

FIG. 9 is a diagram of a user interface screen in accordance with anexemplary embodiment of the present disclosure;

FIG. 10 is a diagram of a user interface screen in accordance with anexemplary embodiment of the present disclosure;

FIG. 11 is a diagram of a room layout in accordance with an exemplaryembodiment of the present disclosure;

FIG. 12 is a diagram of a calibration layout in accordance with anexemplary embodiment of the present disclosure;

FIG. 13 is a diagram of a spatial grid in accordance with an exemplaryembodiment of the present disclosure;

FIG. 14 is a diagram of an algorithm in accordance with an exemplaryembodiment of the present disclosure;

FIG. 15 is a diagram of an algorithm for generating virtual displays inaccordance with an exemplary embodiment of the present disclosure; and

FIG. 16 is a diagram of an algorithm for receiving control data from avirtual display in accordance with an exemplary embodiment of thepresent disclosure.

DETAILED DESCRIPTION OF THE INVENTION

In the description that follows, like parts are marked throughout thespecification and drawings with the same reference numerals. The drawingfigures might not be to scale and certain components can be shown ingeneralized or schematic form and identified by commercial designationsin the interest of clarity and conciseness.

FIG. 1 is a diagram of a system 100 for providing an environment for adynamic mobile server 102, in accordance with an exemplary embodiment ofthe present disclosure. System 100 allows a dynamic mobile server 102 tointerface with a plurality of different devices.

System 100 can be implemented in hardware or a suitable combination ofhardware and software, and can be one or more software systems operatingon one or more processors. As used herein, “hardware” can include acombination of discrete components, an integrated circuit, anapplication-specific integrated circuit, a field programmable gatearray, or other suitable hardware. As used herein, “software” caninclude one or more objects, agents, threads, lines of code,subroutines, separate software applications, two or more lines of codeor other suitable software structures operating in two or more softwareapplications, on one or more processors (where a processor can include amicrocomputer or other suitable controller, memory devices, input-outputdevices, displays, data input devices such as keyboards or mice,peripherals such as printers and speakers, associated drivers, controlcards, power sources, network devices, docking station devices, or othersuitable devices operating under control of software systems inconjunction with the processor or other devices), or other suitablesoftware structures. In one exemplary embodiment, software can includeone or more lines of code or other suitable software structuresoperating in a general purpose software application, such as anoperating system, and one or more lines of code or other suitablesoftware structures operating in a specific purpose softwareapplication. As used herein, the term “couple” and its cognate terms,such as “couples” and “coupled,” can include a physical connection (suchas a copper conductor), a virtual connection (such as through randomlyassigned memory locations of a data memory device), a logical connection(such as through logical gates of a semiconducting device), othersuitable connections, or a suitable combination of such connections.

System 100 includes dynamic mobile server 102, which includes hardwareslots 104 and 106, and which is disposed within docking station 108.Docking station 108 includes inductive charging unit 114, whichinductively couples to dynamic mobile server 102 to charge internalbatteries of dynamic mobile sever 102. Messaging layer 116 is providedby a wireless data medium such as an 802.11x network and couples dynamicmobile server 102 to external device 110 and external device 112.Although two external devices are shown, dynamic mobile server 102 canoperate without any additional external devices or with a suitablenumber of additional external devices, such as ten or more.

Dynamic mobile server 102 is dynamic in that the number of externaldevices can be increased or decreased during operation of dynamic mobileserver 102, and is mobile in that dynamic mobile server 102 can beremoved from docking station 108 and carried by the user to differentlocations. As dynamic mobile server 102 is moved, or as differentdevices are moved within the range of the wireless network providing thewireless media over which messaging layer 116 operates, the number ofdevices such as external device 110 and external device 112 that formpart of the network created by dynamic mobile server 102 can increase ordecrease, and thus can change dynamically. Dynamic mobile server 102 isconfigured to be self-contained and small enough to be readily carriedby a user, such as in a pocket, a backpack, a brief case, a purse or inother suitable manners, so as to provide a dynamic mobile wirelessserver that creates a mobile mesh network environment.

FIG. 2 is a diagram of a system 200 for providing a dynamic mobileserver, in accordance with an exemplary embodiment of the presentdisclosure. System 200 includes connector 202, which connects SD RAIDboard 204, connector board 206, SOM board 208 and battery 210. Connector202 is configured to allow a user to add or remove components fromsystem 200, such as after removing an outer housing. SD RAID board 204is a redundant array of SD data storage devices, which reduce the powerrequirements for system 200 because SD data storage devices are notrequired to be continuously powered. Connector board 206 allows one ormore additional components to be added to system 200 by a user. SOMboard 208 is a system on module (SOM) board that provides a processorthat lacks standard input/output connections, which are provided throughconnector 202 and connector board 206. Battery 210 is configured toallow system 200 to operate independent of an external power source, andcan include inductive charging systems, power connectors and othersuitable components.

In operation, system 200 provides a portable server system with auser-interchangeable hardware configuration, and with a low-powerredundant array of storage devices that allows system 200 to be used asa dynamic mobile server.

FIG. 3 is a diagram of a system 300 for providing a redundant array ofSD storage devices in accordance with an exemplary embodiment of thepresent disclosure. System 300 includes SD cards 302, 304, 306 and 308,which can be hot swappable and user-interchangeable. In one exemplaryembodiment, each SD card 302 through 308 can be connected to a slot onan external housing, such as to allow a user to add or remove SD cardsduring operation. The SD cards can also or alternatively include one ormore processors, RF communication systems or other suitable components.

System 300 includes SD RAID and power controller 310 and SD bus 312,which is coupled to SD cards 302 through 308. SD RAID and powercontroller 310 allocates data storage to SD cards 302 through 308, suchas to provide redundant storage based on the number of available SDcards, to create redundant storage when a card is replaced, or for othersuitable purposes. In addition, because SD cards do not requirecontinuous power when they are not in use, system 300 providessignificant power savings over servers that use disk-based memory.

FIG. 4 is a diagram of a system 400 for providing a dynamic wirelessserver environment, in accordance with an exemplary embodiment of thepresent disclosure. System 400 can be implemented in hardware or asuitable combination of hardware and software, and can be one or moresoftware systems operating on one or more processors.

System 400 includes dynamic mobile server 102, which includes processorpooling system 402 and virtual machine 414, and is coupled to externaldevice 110 over messaging layer 116 (not shown). External device 110includes mobile server interface 408, which can be a dedicatedapplication, an application that operates in conjunction with a webbrowser, or other suitable applications. In one exemplary embodiment, auser activates mobile server interface 408 by first activating awireless connection with dynamic mobile server 102, such as by selectinga service set identifier (SSID) from a list of available wirelessnetworks, by entering a network password for the wireless network, andthen by activating a web browser and by entering a user identifier andpassword for access to dynamic mobile server 102. In another exemplaryembodiment, a user can install an application and then configure theapplication to access dynamic mobile server 102, such as by entering auserid and password, and dynamic mobile server 102 can authenticate thedevice for subsequent access based on the device's media accesscontroller identifier, the processor identifier or other suitable data.The application can also or alternatively allow dynamic mobile server102 to wake the device if it is not powered up, such as by utilizing awake on LAN protocol or other suitable systems or devices.

Dynamic mobile server 102 can also interface with external device 112over messaging layer 116 in a similar manner. External device 112 caninclude mobile server interface 408, user interface 410, virtual machine414 and display 412. Dynamic mobile server 102 can allow a user ofexternal device 112 to access application 404 and data 406 of externaldevice 110 in the following exemplary embodiments. In one exemplaryembodiment, a user of external device 112 accesses dynamic mobile server102 through mobile server interface 408, and obtains a list of availableapplications and data on dynamic mobile server 102 and other externaldevices that are connected to dynamic mobile server 102 throughmessaging layer 116, such as application 404 and data 406 of externaldevice 110. If the user selects data 406, then dynamic mobile server 102provides access to data 406, regardless of whether external device 110is powered on or off. If the user selects application 404, then dynamicmobile server 102 activates application 404 if external device 110 ispowered on, or activates external device 110 if it is powered off andhas wake on LAN functionality or other suitable systems or protocols.Processor pooling 402 of dynamic mobile server 102 allocates processorresources to allow application 404 to operate transparently to the userof external device 112, such as by instantiating virtual machine 414 ondynamic mobile server 102, by instantiating virtual machine 414 onexternal device 112 or in other suitable manners. The user theninterfaces with application 404 using user interface 410 and display412.

Mobile server interface 408 can be configured to synchronize data 406from device 110 to dynamic mobile server 102 whenever device 110 enterswithin range of dynamic mobile server 102. Alternatively, data 406 canbe allocated between synchronizable data and non-synchronizable data,such as to protect the privacy of certain types of data on device 110.SD cards 302 through 308 of dynamic mobile server 102 can likewise bepartitioned to store data for predetermined external devices (e.g.cellular telephones of predetermined users), for predeterminedapplications (e.g. text messaging applications and email applications),for predetermined types of data (image files, audiovisual data files,contact lists), or in other suitable manners.

In operation, system 400 allows a user of one external device to accessdata, applications and processor resources of dynamic mobile server 102or of another external device, such as by activating the other externaldevice using dynamic mobile server 102, by using pooled data orprocessor resources of system 400 or in other suitable manners.

FIG. 5 is a diagram of an algorithm 500 for a boot sequence for multipleprocessors in a dynamic mobile server environment, in accordance with anexemplary embodiment of the present disclosure. Algorithm 500 can beimplemented in hardware or a suitable combination of hardware andsoftware, and can be one or more software systems operating on one ormore processors.

Algorithm 500 begins at 502, where power is applied to a reducedinstruction set computing (RISC) processor, after which the algorithmproceeds to 504, where a basic input/output system (BIOS) of the RISCprocessor is activated. In one exemplary embodiment, the BIOS code canbe stored in a predetermined memory location, and can be automaticallyloaded into the RISC processor upon activation. The algorithm thenproceeds to 505.

At 505, a multiple boot loader such as the GNU GRUB or other suitablesystems is activated. In one exemplary embodiment, one or more of aplurality of operating systems can be selected for multiple bootloading, chain loading, or other suitable processes can also oralternatively be used. The algorithm then proceeds to 506.

At 506, the hardware abstraction layer (HAL) is activated, such as byloading one or more algorithms that control the operation of a SOM orother suitable processors. The algorithm then proceeds in parallel to508, where a common language runtime (CLR) library or other suitablecommon language infrastructure is activated on the RISC processor, andto 510, where an X86 processor is powered on. In one exemplaryembodiment, the X86 processor can be part of an SD RAID board, such asby using an Intel Edison SD card or other suitable devices. In anotherexemplary embodiment, the X86 processor can be located in an externaldevice that is powered on using a wake on LAN protocol or other suitablesystems or devices.

As the algorithm proceeds from 508 to 512, where the operating system isloaded into the RISC processor and is activated, the algorithm alsoproceeds from 510 to 514, where the BIOS of the X86 processor isactivated, and then to 516, where the DLL of the X86 processor issynchronized with the CLR of the RISC processor.

FIG. 6 is a diagram of a software architecture 600 in accordance with anexemplary embodiment of the present disclosure. Software architecture600 includes BIOS 602, middleware 604, databases 606, services 608,media 610, and operating systems OS1, OS2, OS3 and OS4, and can beimplemented on dynamic mobile server 102 or other suitable processors.Software architecture 600 allows dynamic mobile server 102 to operate anumber of different operating systems that can communicate with eachother through middleware 604, as well as with databases 606, services608, media 610 and external devices that are connected to dynamic mobileserver 102 through messaging layer 116.

FIG. 7 is a diagram of a mobile computing cluster 700 with multiplenetwork connections, in accordance with an exemplary embodiment of thepresent disclosure. Mobile computing cluster 700 includes dynamic mobileserver 102, which includes network access layer 702 and firewall 704,which provides access to network 1. In one exemplary embodiment, network1 can be the Internet or other public networks, and dynamic mobileserver 102 can access data over the network on behalf of itself or otherdevices that are connected to dynamic mobile server 102, with thebenefit of firewall 704.

Dynamic mobile server 102 is also coupled to device 706 over messaginglayer 116, and can provide network 1 access to device 706, as well asfirewall protection to prevent unauthorized external devices on network1 from accessing device 706. Dynamic mobile server 102 is furthercoupled to device 708, which includes network access layer 710 andfirewall 712, and can provide network 1 access to device 708, as well asfirewall protection to prevent unauthorized external devices on network1 from accessing device 708. Because device 708 also has network accesslayer 710 and firewall 712, it can also access network 2 independent ofthe access to network 1 through dynamic mobile server 102, but firewall704 of dynamic mobile server 102 can be configured to preventunauthorized external devices on network 2 from accessing device 706 ordynamic mobile server 102. Firewall 704 can also or alternatively beconfigured to prevent unauthorized external devices on network 2 fromaccessing device 708, but must be coordinated with network access layer710 and firewall 712 in order to provide that additional protection. Inone exemplary embodiment, when network 1 and network 2 are the samenetwork, dynamic mobile server 102 and device 708 can be configured toallow one of dynamic mobile server 102 and device 708 to control allnetwork access.

Dynamic mobile server 102 is further coupled to device 714, whichincludes network access layer 716, and which is connected to network 4through an external firewall 718, and can provide network 1 access todevice 714, as well as firewall protection to prevent unauthorizedexternal devices on network 1 from accessing device 714. Because device714 also has network access layer 716 and can access network 4 throughfirewall 718, it can also access network 4 independent of the access tonetwork 1 through dynamic mobile server 102, but firewall 704 of dynamicmobile server 102 can be configured to prevent unauthorized externaldevices on network 4 from accessing device 706, device 708 or dynamicmobile server 102. Firewall 704 can also or alternatively be configuredto prevent unauthorized external devices on network 4 from accessingdevice 714, but must be coordinated with network access layer 716 andfirewall 718 in order to provide that additional protection. In oneexemplary embodiment, when network 1, network 2 and network 4 are thesame network, dynamic mobile server 102, device 708 and device 714 canbe configured to allow one of dynamic mobile server 102, device 708 anddevice 714 to control all network access. Likewise, when network 1 andnetwork 4 are the same network, dynamic mobile server 102 and device 714can be configured to allow one of dynamic mobile server 102 and device714 to control all network access to those networks.

Dynamic mobile server 102 is further coupled to device 720, whichincludes network access layer 722, and which is connected to network 3without an external firewall, and can provide network 1 access to device720, as well as firewall protection to prevent unauthorized externaldevices on network 1 from accessing device 720. Because device 720 alsohas network access layer 722 and can access network 3 without anyfirewall protection, it can also access network 3 independent of theaccess to network 1 through dynamic mobile server 102, but firewall 704of dynamic mobile server 102 can be configured to prevent unauthorizedexternal devices on network 3 from accessing device 706, device 708,device 720 or dynamic mobile server 102. In one exemplary embodiment,when network 1, network 2, network 3 and network 4 are the same network,dynamic mobile server 102, device 708, device 714 and device 720 can beconfigured to allow one of dynamic mobile server 102, device 708, device714 and device 720 to control all network access. Likewise, when network1 and network 3 are the same network, dynamic mobile server 102 anddevice 720 can be configured to allow one of dynamic mobile server 102and device 720 to control all network access to those networks.

In addition, firewall 704 protects dynamic mobile server 102, device706, device 708, device 714 and device 720 from unauthorized access toeach other. In one exemplary embodiment, data and applications ondevices in mobile computing cluster 700 can be configured to allowaccess by other some, all or no other predetermined devices in mobilecomputing cluster 700, so as to provide additional protection fromunauthorized access.

In operation, mobile computing cluster 700 allows multiple devices withnetwork access and firewall protection to be coordinated, so as toprotect devices that are connected to mobile computing cluster 700 fromunauthorized external devices on networks that those devices might beconnected to, as well as unauthorized access between the devices thatform mobile computing cluster 700. Because access to dynamic mobileserver 102 is dynamic, firewall 704 is configured to evaluate thenetwork connections of each new device as it is added to mobilecomputing cluster 700 and to set suitable access controls and firewallprotection.

FIG. 8 is a diagram of dynamic MESH network 800 in accordance with anexemplary embodiment of the present disclosure. Dynamic MESH network 800includes dynamic mobile servers 102A, 102B and 102C, where dynamicmobile server 102A is coupled to device 810 and 812 over messaging layer116A, dynamic mobile server 102A is coupled to device 806 and 808 overmessaging layer 116B, and dynamic mobile server 102C is coupled todevice 802 and 804 over messaging layer 116C. In addition, dynamicmobile servers 102A, 102B and 102C are coupled to each other overmessaging layer 116N, which can be one or more of messaging layers 116A,116B and 116C, or a different messaging layer that uses a differenttiming, frequency spectrum/allocation, different messaging protocol orother suitable messaging layers from each of messaging layers 116A, 116Band 116C. Likewise, each of messaging layers 116A, 116B and 116C can usea different timing, frequency spectrum/allocation, different messagingprotocol or other suitable messaging layers from each of the othermessaging layers 116A, 116B and 116C, or the same messaging layer can beused for all communications.

In addition, dynamic mobile servers 102A, 102B and 102C can beconfigured to provide an ad hoc network, such as where one of dynamicmobile servers 102A, 102B and 102C is arbitrarily selected to be thecontrolling node, where node control is dynamically assigned based oncommunications or processing needs, or in other suitable manners. In oneexemplary embodiment, dynamic mobile servers 102A, 102B and 102C can beused to allocate unused or idle processor capacity between each other,such as where device 802 is operating an application and requiresadditional processing power. In this exemplary embodiment, dynamicmobile servers 102A, 102B and 102C and a suitable number of additionaldynamic mobile servers that are similarly coupled to one or more ofdynamic mobile servers 102A, 102B and 102C can be used to provideadditional processing capacity for one or more of devices 802 through812. For example, if 100 dynamic mobile servers are connected in adynamic MESH network, then processing capacity can be shared betweeneach of the dynamic mobile servers so as to allow one device that iscoupled to one of the dynamic mobile servers to potentially use some ofthe processing capacity of each of the 100 dynamic mobile servers.Because such allocation of processing capacity will be further affectedby the communication speed and MESH network reliability within each ofthe dynamic mobile severs of the MESH network, the amount of processingcapacity would typically be less than 100 times the amount of a singledynamic mobile server, but under certain conditions, substantialmultiples of processing capacity could be realized.

In addition, dynamic MESH network 800 can provide an alternativecommunications network for devices 802 through 812. In this exemplaryembodiment, devices 802 through 812 could be cellular telephones orother suitable communications devices, and in the event of a cellularcommunications network interruption, communications between devices 802through 812 that would otherwise be routed through the cellularcommunications network could alternately be routed within dynamic MESHnetwork 800. Dynamic MESH network 800 could also be used to provideimproved security to such external network communications, such as toprovide improved encryption or data security.

FIG. 9 is a diagram of a user interface screen 900 in accordance with anexemplary embodiment of the present disclosure. User interface screen900 can be generated using an optical head mounted display (OHMD) thatis driven by a dynamic mobile server 102 or in other suitable manners.

User interface screen 900 includes desktop 902 and virtual displayscreen 904. Desktop 902 is the image captured by a camera of the OHMD aswell as the image that is seen by the user that is wearing the OHMD. Theimage data generated by the camera is analyzed to detect the outline,color, or other distinguishing physical characteristics of desktop 902,and desktop 902 can be confirmed based on location data associated withthe OHMD, such as where the OHMD includes a GPS data system, where theOHMD receives positioning data from dynamic mobile server 102, or inother suitable manners. Virtual display screen 904 is generated on thedisplay of the OHMD, and can be associated with a fixed positionrelative to desktop 902, such that the position of virtual displayscreen 904 remains fixed if the user of the OHMD moves around. In thisexemplary embodiment, virtual display screen 904 can be configured todisplay predetermined data, such as audiovisual data, text data, graphicdata, one or more user-selectable controls, one or more user inputdevices, or other suitable data.

In one exemplary embodiment, the location of virtual display 904 can bemodified by the user, such as by raising one hand and placing it onvirtual display 904, and then by executing a relocation control. Therelocation control can be a verbal command that is recorded by amicrophone of the OHMD and processed by a speech detection processor todetect a verbal command by the user, to distinguish the verbal commandof others from a verbal command of the user, or by other suitable audioprocessing. Likewise, the relocation control can be a predeterminedgesture, such as a grabbing gesture that is executed after the userplaces the user's hand on virtual display 904. Additional processing anduser interface controls can also or alternatively be used, such as bygenerating a text prompt (MOVE DISPLAY?) that the user can confirm witha verbal command (such as a spoken word, a clicking sound or a whistle),by changing the appearance of virtual display (e.g. making it brighter,changing its color, encircling the virtual display with a predeterminedcolored outline), or in other suitable manners, and the user can confirmthe selection by a predetermined motion with the same hand that the userhas grabbed the dis[play with (such as rotating the closed hand towardsthe OHMD), by a predetermined motion with the other hand, by apredetermined motion with the user's head (such as a nod), or in othersuitable manners.

Once the user has confirmed that virtual display 904 is to be relocated,display 900 allows the user to move virtual display 904 to a newlocation, such as by associating virtual display 904 with the user'shand, with an object on the user's hand (such as a ring or watch) or inother suitable manners. When the user has placed virtual display 904 ina new location, the user can release virtual display 904 using asuitable command, such as a spoken command, a predetermined handgesture, a predetermined head gesture or in other suitable manners. Inthis manner, the user can interact with virtual display 904.

Although interactions with virtual display 904 have been described,other suitable interactions can also or alternatively be provided, suchas interactions with graphic images (such as weapons or sporting gearfor computer games), interactions with user controls (such as knobs,buttons or sliders), interactions with user interface devices (such as avirtual keyboard) or other suitable interactions. Such graphic images,user controls, user interface devices or other suitable image data canbe fixed to predetermined locations, such as by generating them relativeto the location of dynamic mobile server 102, by generating themrelative to location data generated by the OHMD, or in other suitablemanners. In this manner, the user of the OHMD can move relative tovirtual display 904 or other suitable image data, and the image data canremain in place as if it is anchored to an actual physical location.

FIG. 10 is a diagram of a user interface screen 1000 in accordance withan exemplary embodiment of the present disclosure. User interface screen1000 can be generated using an optical head mounted display (OHMD) thatis driven by a dynamic mobile server 102 or in other suitable manners.

User interface screen 1000 includes road 1002, horizon 1004 and virtualbillboard 1006. As discussed above, road 1002 and horizon 1004 can bethe image captured by a camera of the OHMD as well as the image that isseen by the user that is wearing the OHMD. The image data generated bythe camera is analyzed to detect the outline, color, or otherdistinguishing physical characteristics of road 1002 and horizon 1004,and OHMD can also or alternatively receive location data, such as wherethe OHMD includes a GPS data system, where the OHMD receives positioningdata from dynamic mobile server 102, or in other suitable manners.Virtual billboard 1006 is generated on the display of the OHMD, and canbe associated with a fixed position relative to road 1002 and horizon1004, such that the position of virtual billboard 1006 remains fixed asthe user drives down road 1002. In this exemplary embodiment, virtualbillboard 1006 can be configured to display predetermined data, such asaudiovisual data, text data, graphic data, one or more user-selectablecontrols, one or more user input devices, or other suitable data.

FIG. 11 is a diagram of a room layout 1100 in accordance with anexemplary embodiment of the present disclosure. Room layout 1100includes the location of user 1102, which is shown as an arrow that ispointing in the direction that the user is facing, virtual display 1004,virtual display 1006, anchor 1008 and user 1110. The OHMD of users 1102and 1110 can generate directional data (such as from a compass system orother suitable systems), location data (such as from a GPS system orother suitable systems), motion data (such as from accelerometers orother suitable systems) and other suitable data that allows the OHMD todetermine the associated user's position. User 1102 will perceive(through user 1102's OHMD) virtual display 1106 in room layout 110 asbeing on user 1102's right hand side, will perceive image dataassociated with anchor 1108 as being located on user 1102's left handside, and will not be able to see virtual display 1104, because virtualdisplay 1104 is located behind user 1102. User 1110 will perceive(through user 1110's OHMD) virtual display 1106 in room layout 110 asbeing in front of user 1110, will perceive image data associated withanchor 1108 as being located on user 1110's left hand side, and willperceive virtual display 1104 as being on user 1110's right hand side.The locations of virtual display 1104, virtual display 1106 and theimage associated with anchor 1108 can be fixed, and can be associatedwith a point in space, a physical object, or other suitable items.

FIG. 12 is a diagram of a calibration layout 1200 in accordance with anexemplary embodiment of the present disclosure. Calibration layout 1200can be used to calibrate the location of dynamic mobile server 102,external device 110 and external device 112, by providing apredetermined location and separation distance. In this exemplaryembodiment, dynamic mobile server 102 can transmit and receive radiofrequency electromagnetic waves, and can determine a time associatedwith a transmission to external device 110 and external device 112. Onceexternal device 110 and external device 112 have been placed oncalibration layout 1200, that transmission time can be calibrated to theassociated distance of calibration layout 1200. Likewise, additionaldata can be used to further distinguish the location of external device110 and external device 112 relative to dynamic mobile server 102, suchas by utilizing timing measurement systems of external device 110 andexternal device 112. When dynamic mobile server 102, external device 110and external device 112 are subsequently moved relative to each other,the change in location can be detected by the increase or decrease inthe associated transmission times between these components.

FIG. 13 is a diagram of a spatial grid 1300 in accordance with anexemplary embodiment of the present disclosure. Spatial grid 1300includes calibration layout 1200, which is placed at the bottom of acube that can be viewed from an external observation point, such as byan OHMD. The image data generated at the observation point can beanalyzed to detect mobile server 102, external device 110 and externaldevice 112 on calibration layout 1200, so as to add a third spatiallocation dimension to each of mobile server 102, external device 110 andexternal device 112. In this regard, each of mobile server 102, externaldevice 110 and external device 112 can be assigned a spatial location(X, Y, Z) and device identifier D that are mapped to a network address,such as an Internet Protocol Version 4 (IPV4) or Internet ProtocolVersion 6 (IPV6) network address. As mobile server 102, external device110 and external device 112 are moved within spatial grid 1300, thespatial location of each can be updated relative to the mapped address.

FIG. 14 is a diagram of an algorithm 1400 in accordance with anexemplary embodiment of the present disclosure. Algorithm 1400 can beimplemented in hardware or a suitable combination of hardware andsoftware, and can be one or more software systems operating on one ormore processors.

Algorithm 1400 begins at 1402, where a location is determined fordynamic mobile server 102 or other suitable systems. In one exemplaryembodiment, the location can be determined by transmitting a query to aglobal positioning system (GPS) that receives data from two or moretransmitters and that generates the location data based on timing dataand other data received from the two or more transmitters. The algorithmthen proceeds to 1404.

At 1404, a grid is initiated. In one exemplary embodiment, the grid canbe derived from the location data and network address data, such as IPV4or IPV6 address data. In this exemplary embodiment, dynamic mobileserver 102 can access a network, such as a wireless network access overa 4G network, and can be assigned a network address, such as having theformat a.b.c.d, where each letter denotes an 8 bit binary digit. Thegrid can be generated using the network address as a reference, such asby adding and subtracting values from the network address. In thisexemplary embodiment, a network address of 128.101.31.12 could beassigned to dynamic mobile server 102 or other suitable devices, and thegrid can be initiated to provide +/1 10 locations relative to thelocation of dynamic mobile server 102, such that the grid includeslocations ranging from (118-138), (91-111), (21-42), which correspond to(X,Y,Z) coordinates relative to the location of dynamic mobile server102. In this exemplary embodiment, range of the grid will be equal tothe range of the local wireless network generated by dynamic mobileserver 102, and compass data or other suitable data can be used toassign a coordinate to magnetic north or other suitable locations. Inthis manner, the location of other devices can be identified relative todynamic mobile server 102. Likewise, device identifiers can be assignedthe fourth address location relative to dynamic mobile server 102. Thealgorithm then proceeds to 1406.

At 1406, a device is detected. In one exemplary embodiment, the devicecan be detected during a calibration process, a device that has alreadybeen authenticated can be detected, or other suitable processes can alsoor alternatively be used, The algorithm then proceeds to 1408, wheresignal parameters are determined. In one exemplary embodiment, thesignal parameters can be determined during a calibration process, thesignal parameters can be applied to prior calibration data, or othersuitable processes can also or alternatively be used. The algorithm thenproceeds to 1410, where a location is assigned to the device relative tothe grid. In one exemplary embodiment, dynamic mobile server 102 cangenerate the grid as described, and can determine a location of thedevice relative to dynamic mobile server 102. That relative locationwill be within the grid formed by dynamic mobile server 102 if thedevice is within the range of the wireless network generated by mobiledevice 102, such that coordinates (X,Y,Z) can be assigned to the devicebased on the grid generated at 1404. The algorithm then proceeds to1412.

At 1412, it is determined whether there is another device within rangeof the wireless network generated dynamic mobile server 102, such as bydetecting dynamic host configuration protocol (DHCP) messaging. If it isdetermined that there is another device, the algorithm returns to 1406,otherwise, the algorithm proceeds to 1414.

At 1414, it is determined whether there is an optical input, such asimage data generated by an OHMD or other suitable image data. If it isdetermined that an optical input is not present, the algorithm proceedsto 1420. If it is determined that an optical input is present, thealgorithm proceeds to 1416, where the image data is analyzed to detectthe one or more devices that have been detected. In one exemplaryembodiment, the detected device can have an associated physical profile,such as a laptop or desktop computer, a television set or other suitabledevices, and the image data can be analyzed to detect these associatedprofiles. In another exemplary embodiment, a calibration layout 1200 orother suitable calibration layouts can be used to provide a guide fordetection within the image data, or other suitable processes orconfigurations can also or alternatively be used. The algorithm thenproceeds to 1418.

At 1418, a Z axis coordinate is assigned to the detected devices. In oneexemplary embodiment, the Z axis coordinate can be based on the analyzedimage data, radio frequency timing data received by the dynamic mobileserver 102, radio frequency timing data received by the OHMD, radiofrequency timing data received by other devices, or other suitable data.If no Z axis coordinate data can be detected, then a default Z axiscoordinate value can be assigned. The algorithm then proceeds to 1420,where the one or more devices are authenticated. In one exemplaryembodiment, the devices can be authenticated using a challengeprocedure, where a first device is assigned to be a primary deviceassociated with a dynamic mobile server 102. In this exemplaryembodiment, the primary device can generate an authentication key, suchas by randomly selecting a data field from each of a plurality ofprofile documents associated with the primary device and using thatselection of random data fields to generate the authentication key.Likewise, other suitable authentication keys can be generated. Theprimary device can then select other devices and can transmit theauthentication key to those other devices, to allow the other devices tobe automatically authenticated to the network.

In operation, algorithm 1400 allows a spatial location grid to begenerated to associate wireless devices within a local wireless networkwith a physical location relative to a wireless server, such as to allowimage data to be generated on an OHMD or other suitable devices thatrepresents the devices, to allow a user to locate and utilize the otherdevices, or for other suitable purposes. Although algorithm 1400 isshown as a flow chart, the functions of algorithm 1400 can also oralternatively be implemented as a state diagram, as one or more objectsor in other suitable manners.

FIG. 15 is a diagram of an algorithm 1500 for generating virtualdisplays in accordance with an exemplary embodiment of the presentdisclosure. Algorithm 1500 can be implemented in hardware or a suitablecombination of hardware and software, and can be one or more softwaresystems operating on one or more processors.

Algorithm 1500 begins at 1502, where image data is received. In oneexemplary embodiment, the image data can be generated using cameras onan OHMD or in other suitable manners, and can be a series of images orvideo data that are analyzed to detect items, objects or people havingpredetermined physical configurations in the image data, such asbuildings, furniture or other items, objects or people. The algorithmten proceeds to 1504, where directional data is generated. In oneexemplary embodiment, the directional data can be generated using adigital compass device or other suitable systems. The algorithm thenproceeds to 1506.

At 1506, display data for one or more virtual displays is retrieved. Inone exemplary embodiment, the directional data and location dataassociated with an OHMD, a dynamic mobile server or other suitabledevices can be used to determine a direction of view of a user or deviceand to further determine which virtual displays, if any, should begenerated on a display device of an OHMD or other suitable devices. Forexample, if the user is facing north and is 2 feet south of a virtualdisplay, the display data for that virtual display can be retrieved. Thealgorithm then proceeds to 1508.

At 1508, a virtual machine is initiated for each of the virtualdisplays. In one exemplary embodiment, the virtual machine can beconfigured based on user selections, can be associated with anapplication, can be used to provide data to a user, or other suitablevirtual machines can be initiated. In this exemplary embodiment, a usercan select a location for a virtual display to provide data of interestto the user, such as a news feed, an audiovisual presentation or othersuitable data, and the user can then select the specific type of data tobe displayed, such as stock price data, a television show or othersuitable data. The data can be associated with a predetermined location,such that the user can select the display data when the user is not inthe vicinity of the display, but where the display data is generated forthe user when the user moves into the vicinity of the display. Likewise,display data can be configured for other users, such as to createadvertising displays, for use in a video game, or for other suitablepurposes. Likewise, other suitable processes can be used in addition toor instead of using virtual machines, such as by dedicating one graphicsco-processor of a multiple parallel graphics processor array to eachvirtual display. The algorithm then proceeds to 1510.

At 1510, it is determined whether the user has changed direction, suchas by detecting a change in direction data generated by a digitalcompass system or in other suitable manners. If it is determined that auser has not changed direction, the algorithm proceeds to 1516,otherwise, the algorithm proceeds to 1512 where display data for one ormore virtual displays is retrieved, such as based on a determination ofdisplays that would be seen by a user based on the new direction. Thealgorithm then proceeds to 1514, where virtual machines are initiatedfor each of the displays. The algorithm then proceeds to 1516.

At 1516, it is determined whether a user has changed locations. In oneexemplary embodiment, a user can have a dynamic mobile server 102 thatis configured to be carried by the user, and the user can connect to thedynamic mobile server 102 using an OHMD or other suitable interfacedevices. In this exemplary embodiment, the user can then move whilecommunicating with dynamic mobile server 102 and while viewing virtualdisplays through the OHMD. Dynamic mobile server 102 can also receiveupdated location data from a GPS unit or other suitable sources, suchthat additional virtual displays can be generated as the user walks,drives, or other changes locations. For example, a user can walk througha building with virtual displays set up at different locations, and canuse the virtual displays for directions, such as where the user isshopping for items on a shopping list. The location of the items on theshopping list can be mapped out, and as the user approaches one of theitems, a virtual display can be generated to direct the user to theitem. After the user has obtained the item, a new virtual display can begenerated to direct the user to the next closest item.

In another exemplary embodiment, a user can perform a series of tasks,and virtual displays can be generated after each task is completed toinstruct the user of the next task. In this exemplary embodiment, a usercan be building a structure, and a series of tasks can be presented tothe user, such as to place a series of structural supports inpredetermined locations (such as wall studs), to install one or moreitems to the structural supports (such as drywall), to perform a processon the one or more items (such as to pait the drywall), and othersuitable work functions. The locations of resources for such workfunctions (such as storage locations for wall studs, nails, drywall,paint, paint brushes) can also be identified with virtual displays.

In another exemplary embodiment, a user can drive to a meeting, andvirtual displays can be generated to direct the user as the user isdriving, including directions to an available parking location. Afterthe user parks, directions can be generated for the user to find thecorrect office building, to take the correct elevator, to select thecorrect floor in an elevator, and to find the correct office orconference room.

In another exemplary embodiment, a user can participate in a game thatincludes movement through a building, an obstacle course, a city, orother suitable environments, and virtual displays can be generated asgame objectives, such as to find predetermined items associated withvirtual displays, to interact with virtual entities or to otherwiseengage in an augmented reality environment.

If it is determined at 1516 that the user has not changed locations, thealgorithm proceeds to 1522, otherwise the algorithm proceeds to 1518where display data is retrieved as a function of the new location data.The algorithm then proceeds to 1520, where a virtual machine or othersuitable process is initiated for each display. The algorithm thenproceeds to 1522.

At 1522, firewall settings are applied to one or more of the virtualdisplays. In one exemplary embodiment, one or more pixels, groups ofpixels, coordinates, ranges of coordinates, displays or other suitableselections can be made to identify a firewall. In this exemplaryembodiment, a physical region can be identified as a firewalledlocation, such that any virtual displays or devices within that regionare protected by a firewall from being directly accessed by a deviceoutside of the local wireless network of the dynamic mobile server 102,such as through a broadband wireless network that is connected to one ofthe devices that is connected to dynamic mobile server 102 through thelocal wireless network. In this manner, a user can protect a virtualdisplay from being accessed from another device, can determine whether avirtual display is being controlled by an external device, and canperform other suitable functions. The algorithm then proceeds to 1524,where display updates are applied, such as due to a change in firewallsettings. The algorithm then proceeds to 1526.

At 1526, it is determined whether a user has deactivated dynamic mobileserver 102. If not the algorithm returns to 1510, otherwise thealgorithm proceeds to 1528, where the virtual display updates and othersuitable data is saved, and the process terminates after other suitabletermination procedures have been implemented.

In operation, algorithm 1500 allows a user to interact with virtualdisplays in an augmented reality environment, such as to receivedirections, to perform work tasks, for shopping, for game playing or forother suitable purposes. Although algorithm 1500 is shown as a flowchart, the functions of algorithm 1500 can also or alternatively beimplemented as a state diagram, as one or more objects or in othersuitable manners.

FIG. 16 is a diagram of an algorithm 1600 for receiving control datafrom a virtual display in accordance with an exemplary embodiment of thepresent disclosure. Algorithm 1600 can be implemented in hardware or asuitable combination of hardware and software, and can be one or moresoftware systems operating on one or more processors.

Algorithm 1600 begins at 1602, where image data is received. In oneexemplary embodiment, the image data can be received from a camera of anOHMD or other suitable devices. The algorithm then proceeds to 1604.

At 1604, it is determined whether a user action has been detected. Inone exemplary embodiment, the user action can be predetermined action bya user's hand, a user's arm, a user's head, a verbal command or othersuitable user actions. If it is determined that no user action has beendetected, the algorithm returns to 1602. Otherwise, the algorithmproceeds to 1606.

At 1606, it is determined whether a relocation control has beendetected. In one exemplary embodiment, a relocation control can beassociated with one or more virtual displays that the user is able torelocate, and can require the user to play a hand in the same locationas the virtual display that is to be relocated, to say a phrase, to makea predetermined hand gesture or to perform other suitable actions. If itis determined that a relocation control has not been detected, thealgorithm proceeds to 1618, otherwise the algorithm proceeds to 1608.

At 1608, the virtual display associated with the relocation control isselected, such as by increasing the brightness of the virtual display,by changing the color of the virtual display, by outlining the virtualdisplay or in other suitable manners. The algorithm then proceeds to1610, where the user is prompted to confirm the selection. In oneexemplary embodiment, a text prompt can be generated on the userinterface screen of an OHMD, a audio prompt can be generated, the usercan be given a predetermined amount of time to act, a confirmationaction can be detected (such as rotation of the hand or nodding of thehead), or other suitable confirmation actions can be detected. If theuser does not confirm the selection, the algorithm returns to 1606,otherwise, the algorithm proceeds to 1612.

At 1612, the user relocates the virtual display, such as by dragging thevirtual display to a new location or in other suitable manners. In oneexemplary embodiment, the display can be anchored to the user's hand, aring, a wrist watch or other suitable objects, and the virtual displaycan be generated at each location that the user moves their hand orother object to. In another exemplary embodiment, the virtual displaycan be shut off and regenerated after the user has stopped moving theirhand, or other suitable procedures can also or alternatively be used.The algorithm then proceeds to 1614.

At 1614, the user is prompted to confirm the new location of thedisplay, such as by increasing the brightness of the virtual display, bychanging the color of the virtual display, by outlining the virtualdisplay or in other suitable manners. If it is determined that the userhas not confirmed the relocation, the algorithm returns to 1612,otherwise the algorithm proceeds to 1616 and the virtual display isattached to the new location. The algorithm then returns to 1602.

At 1618, it is determined whether a data entry control has beenreceived. In one exemplary embodiment, a data entry control can beassociated with one or more virtual displays that the user is able toenter data to, and can require the user to play a hand in the samelocation as the virtual display that is to receive the data, to say aphrase, to make a predetermined hand gesture or to perform othersuitable actions. If it is determined that a data entry control has notbeen detected, the algorithm proceeds to 1626, otherwise the algorithmproceeds to 1620.

At 1620, data for entry is received, such as by generating a virtualkeyboard, by receiving spoken data, or in other suitable manners. Thedata can be repeated within the virtual display, as a line of dataacross the top or bottom of the user display, or in other suitablemanners. After data entry has been completed, the algorithm proceeds to1622.

At 1622, it is determined whether the user has confirmed the data entry.In one exemplary embodiment, a text prompt can be generated on the userinterface screen of an OHMD, an audio prompt can be generated, the usercan be given a predetermined amount of time to act, a confirmationaction can be detected (such as rotation of the hand or nodding of thehead), or other suitable confirmation actions can be detected. If theuser does not confirm the selection, the algorithm returns to 1606,otherwise, the algorithm proceeds to 1624, where the data is entered.The algorithm then returns to 1602.

At 1626, it is determined whether a selection control has been received.In one exemplary embodiment, a selection control can be associated withone or more virtual displays that the user is able to select, such as abutton or control knob, and can require the user to play a hand in thesame location as the virtual display that is to be selected, to say aphrase, to make a predetermined hand gesture or to perform othersuitable actions. If it is determined that a selection control has notbeen detected, the algorithm returns to 1602, otherwise the algorithmproceeds to 1628.

At 1628, the selection is highlighted, such as by increasing thebrightness of the virtual display, by changing the color of the virtualdisplay, by outlining the virtual display or in other suitable manners.The algorithm then proceeds to 1630, where it is determined whether theuser has confirmed the data entry. In one exemplary embodiment, a textprompt can be generated on the user interface screen of an OHMD, anaudio prompt can be generated, the user can be given a predeterminedamount of time to act, a confirmation action can be detected (such asrotation of the hand or nodding of the head), or other suitableconfirmation actions can be detected. If the user does not confirm theselection, the algorithm returns to 1606, otherwise, the algorithmproceeds to 1632, where the selection is entered. The algorithm thenreturns to 1602.

In operation, algorithm 1600 allows a user to interact with virtualdisplays in an augmented reality environment, such as to relocate avirtual display, to enter data, to select a control or for othersuitable purposes. Although algorithm 1600 is shown as a flow chart, thefunctions of algorithm 1600 can also or alternatively be implemented asa state diagram, as one or more objects or in other suitable manners.

It should be emphasized that the above-described embodiments are merelyexamples of possible implementations. Many variations and modificationsmay be made to the above-described embodiments without departing fromthe principles of the present disclosure. All such modifications andvariations are intended to be included herein within the scope of thisdisclosure and protected by the following claims.

What is claimed is:
 1. A wireless server access control systemcomprising: a wireless server generating a local wireless communicationsnetwork, the wireless server having a processor and a plurality ofredundant data memory devices; a first wireless device coupled to thewireless server through the local wireless communications network; anaccess control system operating on the wireless server, the accesscontrol system configured to authenticate the first wireless device as amaster device by comparing a key stored in a data memory device of thewireless server with a key generated from two or more data fieldsextracted by the wireless server from two or more data storage locationsof the first wireless device, and to generate a user control on a userinterface of the first wireless device to allow a user to permit or denyaccess to the processor and the data memory devices of the wirelessserver by a second wireless device through the local wirelesscommunications network by providing the key to the second wirelessdevice; a mobile server interface application operating on the firstwireless device, the mobile server interface application configured togenerate one or more user controls to allow a user to identify one ormore data sources to be backed up to the wireless server from a secondwireless device that is coupled to the wireless server; a processorpooling application operating on the wireless server, the processorpooling application configured to allocate processor capacity for anapplication operating on the first wireless device to a processor of thewireless server as a function of a processor load of a processor of thefirst wireless device and a processor load of the processor of thewireless server; a first processor of the wireless server running afirst operating system, wherein the first device runs the firstoperating system and processing capacity for a first applicationoperating on the first device is allocated to the first processor; asecond processor of the wireless server running a second operatingsystem simultaneously with the first processor running the firstoperating system, wherein the second device runs the second operatingsystem and processing capacity for a second application operating on thesecond device is allocated to the second processor; a firewall systemoperating on the wireless server configured to prevent a device on anexternal network from directly accessing the first wireless device andthe second wireless device over the local wireless network when thefirst wireless device and the second wireless device are located withina first predetermined physical area and to allow the device on theexternal network to directly access the first wireless device and thesecond wireless device over the local wireless network when the firstwireless device and the second wireless device are located within asecond predetermined physical area; wherein the wireless server isconfigured to assign unique coordinate data to the first wireless devicethat uniquely identifies the first wireless device and a physicallocation of the first wireless device, and unique coordinate data to thesecond wireless device that uniquely identifies the second wirelessdevice and a physical location of the second wireless device regardlessof whether the first wireless device and the second wireless device areco-located within identical Global Positioning System coordinates;wherein the unique coordinate data for the first wireless device and theunique coordinate data for the second wireless device identifies thephysical location of the first wireless device in a first InternetProtocol Version 4 or higher network address and the physical locationof the second wireless device relative to a physical location of thewireless server in a second Internet Protocol Version 4 or highernetwork address; and wherein the unique coordinate data for the firstwireless device and the unique coordinate data for the second wirelessdevice are each stored in three predetermined data fields of acorresponding Internet Protocol network address field.
 2. The wirelessserver access control system of claim 1 wherein the access controlsystem is configured to allow the primary device to select one or moreother wireless devices to provide the other wireless devices with anauthentication key to access the wireless server.
 3. The wireless serveraccess control system of claim 1 wherein the processor poolingapplication is configured to allocate processor capacity for a firstapplication operating on the first wireless device and a secondapplication operating on a second wireless device to a first processorof the wireless server, wherein an operating system of the firstwireless device is the same as an operating system of the secondwireless device and an operating system of the first processor of thewireless server.
 4. The wireless server access control system of claim 3wherein the processor pooling application allocates the processorcapacity of the first processor as a function of a processor load of thefirst wireless device and a processor load of the second wirelessdevice.
 5. The wireless server access control system of claim 1 whereinthe firewall system applies a firewall to data communications to thefirst wireless device as a function of unique three dimensional locationdata associated with the wireless device.
 6. The wireless server accesscontrol system of claim 1 wherein the firewall system applies a firewallto data communications to the first wireless device as a function ofunique three dimensional location data associated with a network addressof the wireless device.
 7. The wireless server access control system ofclaim 1 wherein the firewall system applies a firewall to datacommunications to the first wireless device as a function of uniquethree dimensional location data stored in three data fields of anInternet Protocol network address of the wireless device.
 8. Thewireless server access control system of claim 1 further comprising asecond wireless server generating a second local wireless communicationsnetwork, the second wireless server having a processor and a pluralityof redundant data memory devices, wherein the first wireless server andthe second wireless server form an ad hoc wireless network, and whereina processor pooling application operating on the first wireless serverallocates processor capacity on the second wireless server to the firstwireless device.
 9. The wireless server access control system of claim 1wherein the wireless server is configured to load a first operatingsystem on a first processor of the wireless server and to load a secondoperating system on a second processor of the wireless server prior toactivating a hardware abstraction layer of the wireless server.
 10. Thewireless server access control system of claim 1 wherein the wirelessserver is configured to determine whether a second wireless device hasbeen authenticated to access the wireless server by detecting anauthentication key stored in the second wireless device.
 11. Thewireless server access control system of claim 1 wherein the wirelessserver is configured to determine whether a second wireless device hasbeen authenticated to access the wireless server by the first wirelessdevice by detecting an authentication key from the first wireless devicethat has been stored in the second wireless device by the first wirelessdevice.
 12. A wireless server access control system comprising: awireless server generating a local wireless communications network, thewireless server having a processor and a plurality of redundant datamemory devices; a first wireless device coupled to the wireless serverthrough the local wireless communications network; an access controlsystem operating on the wireless server, the access control systemconfigured to authenticate the first wireless device as a master deviceby comparing a key stored in a data memory device of the wireless serverwith a key generated from two or more data fields extracted by thewireless server from two or more data storage locations of the firstwireless device; a mobile server interface application operating on thefirst wireless device, the mobile server interface applicationconfigured to generate one or more user controls to allow a user toidentify one or more data sources to be backed up to the wireless serverfrom a second wireless device that is coupled to the wireless server; aprocessor pooling application operating on the wireless server, theprocessor pooling application configured to allocate processor capacityfor an application operating on the first wireless device to a processorof the wireless server as a function of a processor load of a processorof the first wireless device and a processor load of the processor ofthe wireless server; a first processor of the wireless server running afirst operating system, wherein the first device runs the firstoperating system and processing capacity for a first applicationoperating on the first device is allocated to the first processor; asecond processor of the wireless server running a second operatingsystem simultaneously with the first processor running the firstoperating system, wherein the second device runs the second operatingsystem and processing capacity for a second application operating on thesecond device is allocated to the second processor; a firewall systemoperating on the wireless server configured to prevent a device on anexternal network from directly accessing the first wireless device andthe second wireless device over the local wireless network when thefirst wireless device and the second wireless device are located withina first predetermined physical area and to allow the device on theexternal network to directly access the first wireless device and thesecond wireless device over the local wireless network when the firstwireless device and the second wireless device are located within asecond predetermined physical area; wherein the wireless server isconfigured to assign unique coordinate data to the first wireless devicethat uniquely identifies the first wireless device and a physicallocation of the first wireless device, and unique coordinate data to thesecond wireless device that uniquely identifies the second wirelessdevice and a physical location of the second wireless device regardlessof whether the first wireless device and the second wireless device areco-located within identical Global Positioning System coordinates;wherein the unique coordinate data for the first wireless device and theunique coordinate data for the second wireless device identifies thephysical location of the first wireless device in a first InternetProtocol Version 4 or higher network address and the physical locationof the second wireless device relative to a physical location of thewireless server in a second Internet Protocol Version 4 or highernetwork address; and wherein the unique coordinate data for the firstwireless device and the unique coordinate data for the second wirelessdevice are each stored in three predetermined data fields of acorresponding Internet Protocol network address field.
 13. The wirelessserver access control system of claim 12 wherein the access controlsystem is configured to allow the primary device to select one or moreother wireless devices to provide the other wireless devices with anauthentication key to access the wireless server.
 14. The wirelessserver access control system of claim 12 wherein the processor poolingapplication is configured to allocate processor capacity for a firstapplication operating on the first wireless device and a secondapplication operating on a second wireless device to a first processorof the wireless server, wherein an operating system of the firstwireless device is the same as an operating system of the secondwireless device and an operating system of the first processor of thewireless server.
 15. The wireless server access control system of claim14 wherein the processor pooling application allocates the processorcapacity of the first processor as a function of a processor load of thefirst wireless device and a processor load of the second wirelessdevice.
 16. The wireless server access control system of claim 12wherein the firewall system applies a firewall to data communications tothe first wireless device as a function of unique three dimensionallocation data associated with the wireless device.
 17. The wirelessserver access control system of claim 12 wherein the firewall systemthat applies a firewall to data communications to the first wirelessdevice as a function of unique three dimensional location dataassociated with a network address of the wireless device.
 18. Thewireless server access control system of claim 12 wherein the firewallsystem that applies a firewall to data communications to the firstwireless device as a function of unique three dimensional location datastored in three data fields of an Internet Protocol network address ofthe wireless device.
 19. The wireless server access control system ofclaim 12 further comprising a second wireless server generating a secondlocal wireless communications network, the second wireless server havinga processor and a plurality of redundant data memory devices, whereinthe first wireless server and the second wireless server form an ad hocwireless network, and wherein a processor pooling application operatingon the first wireless server allocates processor capacity on the secondwireless server to the first wireless device.
 20. The wireless serveraccess control system of claim 12 wherein the wireless server isconfigured to load a first operating system on a first processor of thewireless server and to load a second operating system on a secondprocessor of the wireless server prior to activating a hardwareabstraction layer of the wireless server.
 21. The wireless server accesscontrol system of claim 12 wherein the wireless server is configured todetermine whether a second wireless device has been authenticated toaccess the wireless server by detecting an authentication key stored inthe second wireless device.
 22. The wireless server access controlsystem of claim 12 wherein the wireless server is configured todetermine whether a second wireless device has been authenticated toaccess the wireless server by the first wireless device by detecting anauthentication key from the first wireless device that has been storedin the second wireless device by the first wireless device.